Verizon opens investigation into stolen customer data being sold online

Published: 17 March 2026
Last updated: 18 March 2026
Russell Cellular Verizon retailer
Listen to this article

More than six million telecom customer records are now allegedly up for sale online, raising fresh fears about how deeply attackers may have penetrated a major Verizon partner.

While the Netherlands is still reeling from a catastrophic breach of its major telecommunications provider, Odido, in which the personal data of 6.2 million customers was exposed, another US telcom giant might also be facing a cyber heist.

Russell Cellular, one of the largest Verizon Authorized Retailers in the United States, has allegedly been compromised in a cyber incident exposing more than 6.3 million customer records.

ADVERTISEMENT

With over 2000 employees, the company operates over 750 locations nationwide and plays a significant role in the US telecommunications retail ecosystem.

A database allegedly belonging to Russell Cellular is now circulating on a well-known hacker forum. It is being offered for sale for $1,200. According to the threat actor, the dataset spans roughly 61GB and is organized across 209 tables.

verizon retail
Entry on hacker forum. Screenshot by Cybernews.

What the attacker claims to have stolen from Russell Cellular

The attacker claims the stolen data includes a wide range of sensitive information tied to both customers and employees. They report that the allegedly compromised data includes:

  • Full names
  • Phone numbers
  • Email addresses
  • Account numbers
  • Device identifiers, including ESN and IMEI/SN
  • Invoice and tracking numbers
  • Contract details
  • Device models and selected tariff plans
  • Employee usernames, passwords, and access roles

Data samples raise deeper concerns

To support their claims, the threat actor uploaded two file samples, which the Cybernews team has investigated. Our researchers reviewed both and found structured and legitimate-looking data.

ADVERTISEMENT

One sample appears to contain customer records, including names, phone numbers, device details, and subscription plans.The second sample is more alarming, containing employee data such as full names, corporate email addresses, job roles, and login credentials.

Notably, some passwords appear in plaintext, while others are hashed, suggesting access to internal systems may be at risk.

verizon retail data sample
Data sample. Screenshot by Cybernews.

“This is more dangerous to company employees. Credentials can be used to compromise internal systems, and possible credential stuffing attacks if employees reused the same passwords somewhere else,” our research team explained.

“Also, there’s a risk of reconnaissance and social engineering attacks for both customers and employees,” they added.

At this stage, it’s not confirmed whether the data is authentic, how it was obtained, or whether the breach stems from Russell Cellular’s internal systems or a third-party service. Cybernews has reached out to the company for confirmation of the cyber incident, but is still waiting for its response.

Verizon is investigating

After the publication went live, Verizon reached out to Cybernews, stating that it is aware of a "potential threat targeting customer data" through a third-party retailer.

“Our teams are actively investigating the matter and working with the retailer to understand the extent of the issue and its impact,” the spokesperson said, stressing, that the company prioritizes the security of its customer data.

They ensured they would share additional data as the investigation progresses

Verizon has been targeted before

ADVERTISEMENT

Telecommunications services have been a primary target for threat actors. In 2024, the Beijing-linked threat actors labeled Salt Typhoon breached several internet service providers in the US, including AT&T and Verizon. Verizon claimed at the time to “have contained” the attack.

US authorities questioned the companies, as both telecom giants refused to provide network security assessments conducted by cybersecurity firm Mandiant, despite repeated requests from lawmakers seeking clarity on whether the companies’ networks were secure.

In 2025, the Verizon Call Filter iOS app, which automatically blocks spam, filters unwanted callers, including robocalls, and identifies unknown texters, also allegedly exposed all of its users’ call records.

In the same year, researchers discovered that sensitive data from 61 million Verizon users was circulating on the web. Verizon at the time denied that it was related to the data.

And in October, the cyber gang supergroup Scattered LAPSUS$ Hunters posted data samples on its Telegram channel, claiming it had breached a group of major international corporations, including Verizon.


Updated on March 18th [10:50 a.m. GMT+2] with a statement from Verizon

Unlock more exclusive Cybernews content on YouTube.

ADVERTISEMENT
Share
Post
Share
Share
Share
More from Cybernews
Meta confirms: critical vulnerability in account recovery tool exposed over 20K Instagram users
UK to use AI to prepare for AI-induced employment challenges
Dark web drug vendor gets 26 years for selling fentanyl and meth
Meta escalates legal battle with Israeli spyware firm NSO over WhatsApp attacks
UK PM Starmer set to ban social media for Under-16s
OpenAI plans biggest ChatGPT overhaul ahead of listing
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked